#28461 [Com]: segmentation fault when using backreferences on a long string

Fri, 10 Sep 2004 08:42:18 -0700 

 ID:               28461
 Comment by:       hewei at ied dot org dot cn
 Reported By:      xanthor at xanthor dot tk
 Status:           Feedback
 Bug Type:         PCRE related
 Operating System: Linux, WindowsXP©
 PHP Version:      4.3.8; 4.3.9RC1, 5.0.1
 New Comment:

preg_match("/(((?<!aaa).)*)(?<!aaa)aaa/",str_repeat('
',10882).'aaa',$z);

crashes PHP4.3.9RC2

But not on php-4.3.2-11.1.ent (WBEL 3.0), the length
to trigger segmentation fault is about 19230.

The most funny thing is that the more closer to the limit, the more
likely you will get a random segmentation fault.

Not only the above pattern will cause the error,
preg_match("/^( )*$/",str_repeat(' ',19250));
will too.


Previous Comments:
------------------------------------------------------------------------

[2004-09-10 12:49:48] [EMAIL PROTECTED]

Please try using this CVS snapshot:

  http://snaps.php.net/php5-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.0-win32-latest.zip

I couldn't reproduce any of the crashes.

------------------------------------------------------------------------

[2004-08-23 11:24:50] xanthor at xanthor dot tk

Updating version :
I've found an other expression which segfaults also PHP 5 :
preg_match("/^((?<!a).)*/",str_repeat('b',21236),$z);

------------------------------------------------------------------------

[2004-07-19 11:11:33] xanthor at xanthor dot tk

The bug is still here with PHP 4.3.8

------------------------------------------------------------------------

[2004-05-21 11:17:44] xanthor at xanthor dot tk

No it isn't fixed :
with 2236+3 chars it works, but when we increase this number we manage
to have an other segmentation fault.
(The new limit seems to be 2247+3)

------------------------------------------------------------------------

[2004-05-21 01:13:19] [EMAIL PROTECTED]

Please try using this CVS snapshot:

  http://snaps.php.net/php4-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-STABLE-latest.zip



------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/28461

-- 
Edit this bug report at http://bugs.php.net/?id=28461&edit=1

Reply via email to